Cyber security

Once the Cyber Resilience Act is in place, manufacturers of hardware and software will have to implement cybersecurity measures across the entire lifecycle of the product, from the design and development, to after the product is placed on the market.

While at SPE Offshore Europe last month in Aberdeen, Scotland, World Oil had a chance to visit with two of DNV’s section heads handling various aspects of the digital side of upstream oil and gas. What follows are some highlights of that visit and specific projects that DNV is undertaking.

Together, DNV and Nixu will safeguard demanding IT and industrial control system environments and build business resilience in energy and other sectors. A combined team of more than 500 cyber security experts will provide a market-leading portfolio of consulting and managed services to manage cyber risks.

A majority (59%) of the 600 energy professionals surveyed by DNV say their organization is investing more in cybersecurity in 2023 compared with last year, acknowledging that cyber-attacks on the industry are a question of ‘when’ not ‘if’.

The CYBER MANAGED Prepared notation provides a road map to build cyber-managed vessels. Concretely, with the BV Cyber Managed Prepared Notation system, it means that Express 101 will be ready to receive the CYBER MANAGED notation to protect its on-board computers against unauthorized access, misuse, modification, destruction or improper disclosure of the information generated.

It has become apparent that securing the industry against cyber criminality is a priority, to mitigate the existential threat to business functionality. There are a multitude of actions that operators can take to achieve battle-readiness in this era of unprecedented instability.

DNV outlines how energy companies must address the increasingly common, complex and creative cyber threats facing their organizations.

The white paper provides accessible advice for overcoming hurdles in designing, building and operating OT security programs. These recommendations include setting goals and responsibilities to determine vulnerabilities, selecting countermeasures and governance systems, implementing controls, and embedding assurance schemes.

As companies adopt new technologies to make business more effective and efficient, new risks emerge, and old risks evolve. This requires great cybersecurity that has tools and processes built to adapt to change with minimal effort.

Offshore U.S. oil and natural gas installations are “at significant risk” of cyber-attack, according to a federal watchdog that warned of a potential disaster on par with the 2010 Deepwater Horizon blowout.

Uniwise Offshore, Thailand’s leading offshore support vessel (OSV) company, is enhancing cyber-security standards across its OSV fleet by adopting technology from Inmarsat, the world leader in global, mobile satellite communications. With reliable connectivity delivered by Inmarsat’s Fleet Xpress, Fleet Secure Unified Threat Management (UTM) provides Uniwise with end-to-end functionality to protect its network from cyber-attacks and intrusion via infected devices.

The majority of companies across the U.S. oil and gas industry are at risk of a successful cyber breach according to BreachBits, a cyber risk rating and monitoring company that evaluates and tests organizations from a hacker’s perspective.

Modern offshore operations are highly complex, generating tens of thousands of data points and transmitting them to onshore control centers across multiple types of networks. Offshore facilities also include technologies from many suppliers that interface with the main process control system, each with their own cybersecurity profile. Mature, proven control systems are often selected but require interfaces to new technologies. In this heterogeneous environment that combines old and new, understanding what's on the network can be a significant challenge. Similarly, tracking and managing patches, obsolescence, antivirus, and hardening profiles multiplies in complexity. Many IT offerings do not contemplate these environments so the industry is turning to customized OT cybersecurity products. Register for this free webinar and you will learn - Why cybersecurity is a critical consideration when implementing a de-manning strategy What are the current technologies that are being used in offshore digitalization and threat profiles How to reduce cybersecurity risk for offshore operations

This webinar will provide practical insights and timely intelligence to share how improving cyber security in your oil and gas operations can help provide better and more valuable business outcomes. Attendees will hear about real life cyber security incidents and the steps organizations took to improve the situation. Join speaker Tiffany Hockensmith to gain a better understanding of: • How to protect critical infrastructure • The approach needed to improve cyber resilience • How to ensure an effective incident response plan • How defense mechanisms should be allocated to technology, processes and staff

A recent ransomware attack caused a U.S. natural gas compressor facility to shut for two days, the latest in a string of attacks targeting the country’s energy infrastructure over the past few years.

Wärtsilä has been awarded Lloyd’s Register system-level cyber certification for its network architecture relating to Wärtsilä’s integrated main and auxiliary machinery.

Emerson opens its newest cybersecurity lab to help manufacturers confidently adopt digital transformation strategies, while protecting the integrity of their plant operations, networks, systems and data.

Bright and early on Monday morning, in a special press briefing on the first day of the Offshore Technology Conference in Houston, Siemens and TÜV SÜD announced that they are coming together to address the growing risk of cyberattacks on critical infrastructure.

In a deal that puts a spotlight on the shadowy world of cyberwarfare, Jacobs Engineering Group Inc. agreed to acquire KeyW Holding Corp. for about $603 million, increasing its number of employees with top-secret government access by 50%.

The UK’s cybersecurity agency said it won’t automatically share information about data breaches with the country’s data privacy regulator.